www.trustwave.com
199.60.103.2
Public Scan
URL:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modbus-101-one-protocol-to-rule-the-ot-world/
Submission: On September 29 via manual from AU — Scanned from AU
Form analysis
4 forms found in the DOM
/hs-search-results
<form action="/hs-search-results" data-hs-cf-bound="true">
<input id="search" value="" type="text" class="form-control" name="q" placeholder="Search trustwave.com" autocomplete="off">
</form>
/hs-search-results
<form action="/hs-search-results" data-hs-cf-bound="true">
<input id="search" value="" type="text" class="form-control" name="q" placeholder="Search trustwave.com" autocomplete="off">
</form>
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/21158977/92358282-9e9e-4fe6-a21f-c30c1e55336d
<form id="hsForm_92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/21158977/92358282-9e9e-4fe6-a21f-c30c1e55336d"
class="hs-form-private hsForm_92358282-9e9e-4fe6-a21f-c30c1e55336d hs-form-92358282-9e9e-4fe6-a21f-c30c1e55336d hs-form-92358282-9e9e-4fe6-a21f-c30c1e55336d_8b07685a-af05-494d-97c9-05f77b995271 hs-form stacked hs-custom-form"
target="target_iframe_92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" data-instance-id="8b07685a-af05-494d-97c9-05f77b995271" data-form-id="92358282-9e9e-4fe6-a21f-c30c1e55336d" data-portal-id="21158977" data-hs-cf-bound="true">
<fieldset class="form-columns-0">
<div class="hs-richtext hs-main-font-element">
<h2 style="text-align: center; font-size: 32px;">Request a Demo<br><br></h2>
</div>
</fieldset>
<fieldset class="form-columns-2">
<div class="hs_firstname hs-firstname hs-fieldtype-text field hs-form-field"><label id="label-firstname-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" class="" placeholder="Enter your First Name"
for="firstname-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008"><span>First Name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="firstname-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" name="firstname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="given-name" value=""></div>
</div>
<div class="hs_lastname hs-lastname hs-fieldtype-text field hs-form-field"><label id="label-lastname-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" class="" placeholder="Enter your Last Name"
for="lastname-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008"><span>Last Name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="lastname-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" name="lastname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="family-name" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-2">
<div class="hs_company hs-company hs-fieldtype-text field hs-form-field"><label id="label-company-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" class="" placeholder="Enter your Company Name"
for="company-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008"><span>Company Name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="company-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" name="company" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="organization" value=""></div>
</div>
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" class="" placeholder="Enter your Business Email"
for="email-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008"><span>Business Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" name="email" required="" placeholder="" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs-dependent-field">
<div class="hs_country hs-country hs-fieldtype-select field hs-form-field"><label id="label-country-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" class="" placeholder="Enter your Country"
for="country-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008"><span>Country</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><select id="country-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" required="" class="hs-input is-placeholder" name="country">
<option disabled="" value="">Please Select</option>
<option value="United States">United States</option>
<option value="United Kingdom">United Kingdom</option>
<option value="Australia">Australia</option>
<option value="Germany">Germany</option>
<option value="Mexico">Mexico</option>
<option value="New Zealand">New Zealand</option>
<option value="Singapore">Singapore</option>
<option value="Other">Other</option>
<option value="Afghanistan">Afghanistan</option>
<option value="Åland Islands">Åland Islands</option>
<option value="Albania">Albania</option>
<option value="Algeria">Algeria</option>
<option value="American Samoa">American Samoa</option>
<option value="Andorra">Andorra</option>
<option value="Angola">Angola</option>
<option value="Anguilla">Anguilla</option>
<option value="Antarctica">Antarctica</option>
<option value="Antigua and Barbuda">Antigua and Barbuda</option>
<option value="Argentina">Argentina</option>
<option value="Armenia">Armenia</option>
<option value="Aruba">Aruba</option>
<option value="Asia/Pacific Region">Asia/Pacific Region</option>
<option value="Austria">Austria</option>
<option value="Azerbaijan">Azerbaijan</option>
<option value="Bahamas">Bahamas</option>
<option value="Bahrain">Bahrain</option>
<option value="Bangladesh">Bangladesh</option>
<option value="Barbados">Barbados</option>
<option value="Belarus">Belarus</option>
<option value="Belgium">Belgium</option>
<option value="Belize">Belize</option>
<option value="Benin">Benin</option>
<option value="Bermuda">Bermuda</option>
<option value="Bhutan">Bhutan</option>
<option value="Bolivia">Bolivia</option>
<option value="Bosnia and Herzegovina">Bosnia and Herzegovina</option>
<option value="Botswana">Botswana</option>
<option value="Bouvet Island">Bouvet Island</option>
<option value="Brazil">Brazil</option>
<option value="British Indian Ocean Territory">British Indian Ocean Territory</option>
<option value="British Virgin Islands">British Virgin Islands</option>
<option value="Brunei">Brunei</option>
<option value="Bulgaria">Bulgaria</option>
<option value="Burkina Faso">Burkina Faso</option>
<option value="Burundi">Burundi</option>
<option value="Cambodia">Cambodia</option>
<option value="Cameroon">Cameroon</option>
<option value="Canada">Canada</option>
<option value="Cape Verde">Cape Verde</option>
<option value="Caribbean Netherlands">Caribbean Netherlands</option>
<option value="Cayman Islands">Cayman Islands</option>
<option value="Central African Republic">Central African Republic</option>
<option value="Chad">Chad</option>
<option value="Chile">Chile</option>
<option value="China">China</option>
<option value="Christmas Island">Christmas Island</option>
<option value="Cocos (Keeling) Islands">Cocos (Keeling) Islands</option>
<option value="Colombia">Colombia</option>
<option value="Comoros">Comoros</option>
<option value="Congo">Congo</option>
<option value="Cook Islands">Cook Islands</option>
<option value="Costa Rica">Costa Rica</option>
<option value="Cote d'Ivoire">Cote d'Ivoire</option>
<option value="Croatia">Croatia</option>
<option value="Cuba">Cuba</option>
<option value="Curaçao">Curaçao</option>
<option value="Cyprus">Cyprus</option>
<option value="Czech Republic">Czech Republic</option>
<option value="Democratic Republic of the Congo">Democratic Republic of the Congo</option>
<option value="Denmark">Denmark</option>
<option value="Djibouti">Djibouti</option>
<option value="Dominica">Dominica</option>
<option value="Dominican Republic">Dominican Republic</option>
<option value="East Timor">East Timor</option>
<option value="Ecuador">Ecuador</option>
<option value="Egypt">Egypt</option>
<option value="El Salvador">El Salvador</option>
<option value="Equatorial Guinea">Equatorial Guinea</option>
<option value="Eritrea">Eritrea</option>
<option value="Estonia">Estonia</option>
<option value="Ethiopia">Ethiopia</option>
<option value="Europe">Europe</option>
<option value="Falkland Islands">Falkland Islands</option>
<option value="Faroe Islands">Faroe Islands</option>
<option value="Fiji">Fiji</option>
<option value="Finland">Finland</option>
<option value="France">France</option>
<option value="French Guiana">French Guiana</option>
<option value="French Polynesia">French Polynesia</option>
<option value="French Southern and Antarctic Lands">French Southern and Antarctic Lands</option>
<option value="Gabon">Gabon</option>
<option value="Gambia">Gambia</option>
<option value="Georgia">Georgia</option>
<option value="Ghana">Ghana</option>
<option value="Gibraltar">Gibraltar</option>
<option value="Greece">Greece</option>
<option value="Greenland">Greenland</option>
<option value="Grenada">Grenada</option>
<option value="Guadeloupe">Guadeloupe</option>
<option value="Guam">Guam</option>
<option value="Guatemala">Guatemala</option>
<option value="Guernsey">Guernsey</option>
<option value="Guinea">Guinea</option>
<option value="Guinea-Bissau">Guinea-Bissau</option>
<option value="Guyana">Guyana</option>
<option value="Haiti">Haiti</option>
<option value="Heard Island and McDonald Islands">Heard Island and McDonald Islands</option>
<option value="Honduras">Honduras</option>
<option value="Hong Kong">Hong Kong</option>
<option value="Hungary">Hungary</option>
<option value="Iceland">Iceland</option>
<option value="India">India</option>
<option value="Indonesia">Indonesia</option>
<option value="Iran">Iran</option>
<option value="Iraq">Iraq</option>
<option value="Ireland">Ireland</option>
<option value="Isle of Man">Isle of Man</option>
<option value="Israel">Israel</option>
<option value="Italy">Italy</option>
<option value="Jamaica">Jamaica</option>
<option value="Japan">Japan</option>
<option value="Jersey">Jersey</option>
<option value="Jordan">Jordan</option>
<option value="Kazakhstan">Kazakhstan</option>
<option value="Kenya">Kenya</option>
<option value="Kiribati">Kiribati</option>
<option value="Kosovo">Kosovo</option>
<option value="Kuwait">Kuwait</option>
<option value="Kyrgyzstan">Kyrgyzstan</option>
<option value="Laos">Laos</option>
<option value="Latvia">Latvia</option>
<option value="Lebanon">Lebanon</option>
<option value="Lesotho">Lesotho</option>
<option value="Liberia">Liberia</option>
<option value="Libya">Libya</option>
<option value="Liechtenstein">Liechtenstein</option>
<option value="Lithuania">Lithuania</option>
<option value="Luxembourg">Luxembourg</option>
<option value="Macau">Macau</option>
<option value="Macedonia (FYROM)">Macedonia (FYROM)</option>
<option value="Madagascar">Madagascar</option>
<option value="Malawi">Malawi</option>
<option value="Malaysia">Malaysia</option>
<option value="Maldives">Maldives</option>
<option value="Mali">Mali</option>
<option value="Malta">Malta</option>
<option value="Marshall Islands">Marshall Islands</option>
<option value="Martinique">Martinique</option>
<option value="Mauritania">Mauritania</option>
<option value="Mauritius">Mauritius</option>
<option value="Mayotte">Mayotte</option>
<option value="Micronesia">Micronesia</option>
<option value="Moldova">Moldova</option>
<option value="Monaco">Monaco</option>
<option value="Mongolia">Mongolia</option>
<option value="Montenegro">Montenegro</option>
<option value="Montserrat">Montserrat</option>
<option value="Morocco">Morocco</option>
<option value="Mozambique">Mozambique</option>
<option value="Myanmar (Burma)">Myanmar (Burma)</option>
<option value="Namibia">Namibia</option>
<option value="Nauru">Nauru</option>
<option value="Nepal">Nepal</option>
<option value="Netherlands">Netherlands</option>
<option value="Netherlands Antilles">Netherlands Antilles</option>
<option value="New Caledonia">New Caledonia</option>
<option value="Nicaragua">Nicaragua</option>
<option value="Niger">Niger</option>
<option value="Nigeria">Nigeria</option>
<option value="Niue">Niue</option>
<option value="Norfolk Island">Norfolk Island</option>
<option value="North Korea">North Korea</option>
<option value="Northern Mariana Islands">Northern Mariana Islands</option>
<option value="Norway">Norway</option>
<option value="Oman">Oman</option>
<option value="Pakistan">Pakistan</option>
<option value="Palau">Palau</option>
<option value="Palestine">Palestine</option>
<option value="Panama">Panama</option>
<option value="Papua New Guinea">Papua New Guinea</option>
<option value="Paraguay">Paraguay</option>
<option value="Peru">Peru</option>
<option value="Philippines">Philippines</option>
<option value="Pitcairn Islands">Pitcairn Islands</option>
<option value="Poland">Poland</option>
<option value="Portugal">Portugal</option>
<option value="Puerto Rico">Puerto Rico</option>
<option value="Qatar">Qatar</option>
<option value="Réunion">Réunion</option>
<option value="Romania">Romania</option>
<option value="Russia">Russia</option>
<option value="Rwanda">Rwanda</option>
<option value="Saint Barthélemy">Saint Barthélemy</option>
<option value="Saint Helena">Saint Helena</option>
<option value="Saint Kitts and Nevis">Saint Kitts and Nevis</option>
<option value="Saint Lucia">Saint Lucia</option>
<option value="Saint Martin">Saint Martin</option>
<option value="Saint Pierre and Miquelon">Saint Pierre and Miquelon</option>
<option value="Saint Vincent and the Grenadines">Saint Vincent and the Grenadines</option>
<option value="Samoa">Samoa</option>
<option value="San Marino">San Marino</option>
<option value="Sao Tome and Principe">Sao Tome and Principe</option>
<option value="Saudi Arabia">Saudi Arabia</option>
<option value="Senegal">Senegal</option>
<option value="Serbia">Serbia</option>
<option value="Seychelles">Seychelles</option>
<option value="Sierra Leone">Sierra Leone</option>
<option value="Sint Maarten">Sint Maarten</option>
<option value="Slovakia">Slovakia</option>
<option value="Slovenia">Slovenia</option>
<option value="Solomon Islands">Solomon Islands</option>
<option value="Somalia">Somalia</option>
<option value="South Africa">South Africa</option>
<option value="South Georgia and the South Sandwich Islands">South Georgia and the South Sandwich Islands</option>
<option value="South Korea">South Korea</option>
<option value="South Sudan">South Sudan</option>
<option value="Spain">Spain</option>
<option value="Sri Lanka">Sri Lanka</option>
<option value="Sudan">Sudan</option>
<option value="Suriname">Suriname</option>
<option value="Svalbard and Jan Mayen">Svalbard and Jan Mayen</option>
<option value="Swaziland">Swaziland</option>
<option value="Sweden">Sweden</option>
<option value="Switzerland">Switzerland</option>
<option value="Syria">Syria</option>
<option value="Taiwan">Taiwan</option>
<option value="Tajikistan">Tajikistan</option>
<option value="Tanzania">Tanzania</option>
<option value="Thailand">Thailand</option>
<option value="Togo">Togo</option>
<option value="Tokelau">Tokelau</option>
<option value="Tonga">Tonga</option>
<option value="Trinidad and Tobago">Trinidad and Tobago</option>
<option value="Tunisia">Tunisia</option>
<option value="Turkey">Turkey</option>
<option value="Turkmenistan">Turkmenistan</option>
<option value="Turks and Caicos Islands">Turks and Caicos Islands</option>
<option value="Tuvalu">Tuvalu</option>
<option value="U.S. Virgin Islands">U.S. Virgin Islands</option>
<option value="Uganda">Uganda</option>
<option value="Ukraine">Ukraine</option>
<option value="United Arab Emirates">United Arab Emirates</option>
<option value="United States Minor Outlying Islands">United States Minor Outlying Islands</option>
<option value="Uruguay">Uruguay</option>
<option value="Uzbekistan">Uzbekistan</option>
<option value="Vanuatu">Vanuatu</option>
<option value="Vatican City">Vatican City</option>
<option value="Venezuela">Venezuela</option>
<option value="Vietnam">Vietnam</option>
<option value="Wallis and Futuna">Wallis and Futuna</option>
<option value="Western Sahara">Western Sahara</option>
<option value="Yemen">Yemen</option>
<option value="Zambia">Zambia</option>
<option value="Zimbabwe">Zimbabwe</option>
</select></div>
</div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="legal-consent-container">
<div>
<div class="hs-dependent-field">
<div class="hs_LEGAL_CONSENT.subscription_type_28863750 hs-LEGAL_CONSENT.subscription_type_28863750 hs-fieldtype-booleancheckbox field hs-form-field">
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input">
<ul class="inputs-list">
<li class="hs-form-booleancheckbox"><label for="LEGAL_CONSENT.subscription_type_28863750-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" class="hs-form-booleancheckbox-display"><input
id="LEGAL_CONSENT.subscription_type_28863750-92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" class="hs-input" type="checkbox" name="LEGAL_CONSENT.subscription_type_28863750" value="true"><span>
<p>I agree to receive other communications from Trustwave.</p>
</span></label></li>
</ul>
</div>
</div>
</div>
<legend class="hs-field-desc checkbox-desc" style="display: none;"></legend>
</div>
<div class="hs-richtext">
<p>By clicking submit below, you agree to our <a href="https://www.trustwave.com/en-us/legal-documents/terms-of-use/" target="_blank" rel="noopener">Terms of Use</a> and
<a href="https://www.trustwave.com/en-us/legal-documents/privacy-policy/" target="_blank" rel="noopener">Privacy Policy. </a>Additionally, you consent to allow Trustwave to store and process the personal information submitted above to
provide you with the content requested.</p>
</div>
</div>
</fieldset>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Submit"></div>
</div><input name="hs_context" type="hidden"
value=""><iframe
name="target_iframe_92358282-9e9e-4fe6-a21f-c30c1e55336d_1008" style="display: none;"></iframe>
</form>
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/21158977/68741a11-8e56-4f23-ba7f-b2307e77714c
<form id="hsForm_68741a11-8e56-4f23-ba7f-b2307e77714c_7464" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/21158977/68741a11-8e56-4f23-ba7f-b2307e77714c"
class="hs-form-private hsForm_68741a11-8e56-4f23-ba7f-b2307e77714c hs-form-68741a11-8e56-4f23-ba7f-b2307e77714c hs-form-68741a11-8e56-4f23-ba7f-b2307e77714c_f5af4e01-0b6c-4267-a7f1-d1a9bd97814e hs-form stacked hs-custom-form"
target="target_iframe_68741a11-8e56-4f23-ba7f-b2307e77714c_7464" data-instance-id="f5af4e01-0b6c-4267-a7f1-d1a9bd97814e" data-form-id="68741a11-8e56-4f23-ba7f-b2307e77714c" data-portal-id="21158977" data-hs-cf-bound="true">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-68741a11-8e56-4f23-ba7f-b2307e77714c_7464" class="" placeholder="Enter your " for="email-68741a11-8e56-4f23-ba7f-b2307e77714c_7464"><span></span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-68741a11-8e56-4f23-ba7f-b2307e77714c_7464" name="email" placeholder="Business Email" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="SUBSCRIBE"></div>
</div><input name="hs_context" type="hidden"
value=""><iframe
name="target_iframe_68741a11-8e56-4f23-ba7f-b2307e77714c_7464" style="display: none;"></iframe>
</form>
alliances who align and support our ecosystem of security offerings Trustwave PartnerOne Program Join forces with Trustwave to protect against the most advance cybersecurity threats Register Login * Resources Resources BLOGS * Trustwave Blog * SpiderLabs Blog UPCOMING * Webinars * Events MEDIA & ASSETS * Document Library * Video Library * Analyst Reports * Webinar Replays * Case Studies * Trials & Evaluations NOTICES * Security Advisories * Software Updates HELP * Contact * Support * Contact Us * Login login Fusion Platform Login What is the Trustwave Fusion Platform? MailMarshal Cloud Login * Incident Response Incident Response EXPERIENCING A SECURITY BREACH? Get access to immediate incident response assistance. 24 HOUR HOTLINES * AMERICAS +1 855 438 4305 * EMEA +44 8081687370 * AUSTRALIA +61 1300901211 * SINGAPORE +65 68175019 Recommended Actions * Trustwave achieves verified MXDR solution and FastTrack ready partner status from Microsoft. Learn More Request a Demo REQUEST A DEMO First Name* Last Name* Company Name* Business Email* Country* Please SelectUnited StatesUnited KingdomAustraliaGermanyMexicoNew ZealandSingaporeOtherAfghanistanÅland IslandsAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntarcticaAntigua and BarbudaArgentinaArmeniaArubaAsia/Pacific RegionAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelarusBelgiumBelizeBeninBermudaBhutanBoliviaBosnia and HerzegovinaBotswanaBouvet IslandBrazilBritish Indian Ocean TerritoryBritish Virgin IslandsBruneiBulgariaBurkina FasoBurundiCambodiaCameroonCanadaCape VerdeCaribbean NetherlandsCayman IslandsCentral African RepublicChadChileChinaChristmas IslandCocos (Keeling) IslandsColombiaComorosCongoCook IslandsCosta RicaCote d'IvoireCroatiaCubaCuraçaoCyprusCzech RepublicDemocratic Republic of the CongoDenmarkDjiboutiDominicaDominican RepublicEast TimorEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEthiopiaEuropeFalkland IslandsFaroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaFrench Southern and 
Antarctic LandsGabonGambiaGeorgiaGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuernseyGuineaGuinea-BissauGuyanaHaitiHeard Island and McDonald IslandsHondurasHong KongHungaryIcelandIndiaIndonesiaIranIraqIrelandIsle of ManIsraelItalyJamaicaJapanJerseyJordanKazakhstanKenyaKiribatiKosovoKuwaitKyrgyzstanLaosLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacauMacedonia (FYROM)MadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMicronesiaMoldovaMonacoMongoliaMontenegroMontserratMoroccoMozambiqueMyanmar (Burma)NamibiaNauruNepalNetherlandsNetherlands AntillesNew CaledoniaNicaraguaNigerNigeriaNiueNorfolk IslandNorth KoreaNorthern Mariana IslandsNorwayOmanPakistanPalauPalestinePanamaPapua New GuineaParaguayPeruPhilippinesPitcairn IslandsPolandPortugalPuerto RicoQatarRéunionRomaniaRussiaRwandaSaint BarthélemySaint HelenaSaint Kitts and NevisSaint LuciaSaint MartinSaint Pierre and MiquelonSaint Vincent and the GrenadinesSamoaSan MarinoSao Tome and PrincipeSaudi ArabiaSenegalSerbiaSeychellesSierra LeoneSint MaartenSlovakiaSloveniaSolomon IslandsSomaliaSouth AfricaSouth Georgia and the South Sandwich IslandsSouth KoreaSouth SudanSpainSri LankaSudanSurinameSvalbard and Jan MayenSwazilandSwedenSwitzerlandSyriaTaiwanTajikistanTanzaniaThailandTogoTokelauTongaTrinidad and TobagoTunisiaTurkeyTurkmenistanTurks and Caicos IslandsTuvaluU.S. Virgin IslandsUgandaUkraineUnited Arab EmiratesUnited States Minor Outlying IslandsUruguayUzbekistanVanuatuVatican CityVenezuelaVietnamWallis and FutunaWestern SaharaYemenZambiaZimbabwe * I agree to receive other communications from Trustwave. By clicking submit below, you agree to our Terms of Use and Privacy Policy. Additionally, you consent to allow Trustwave to store and process the personal information submitted above to provide you with the content requested. 
Services Managed Detection & Response Eradicate cyberthreats with world-class intel and expertise Managed Security Services Expand your team’s capabilities and strengthen your security posture Consulting & Professional Services Tap into our global team of tenured cybersecurity specialists Penetration Testing Subscription- or project-based testing, delivered by global experts Database Security Get ahead of database risk, protect data and exceed compliance requirements Email Security & Management Catch email threats others miss with layered security & maximum control Co-Managed SOC (SIEM) Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk View All Trustwave Services Solutions BY INDUSTRY * Education * Financial Services * Government * Healthcare * Hotels * Legal * Manufacturing * Retail BY REGULATION * Data Privacy * CMMC * FISMA * GDPR * GLBA * HIPAA * ISO * SOX BY TOPIC Microsoft Exchange Server Attacks Stay protected against emerging threats Rapidly Secure New Environments Security for rapid response situations Securing the Cloud Safely navigate and stay protected Securing the IoT Landscape Test, monitor and secure network objects Why Trustwave The Trustwave Approach A focus on threat detection and response Awards and Accolades Recognition by analysts and media outlets Trustwave SpiderLabs Team Researchers, ethical hackers and responders Trustwave Fusion Platform Unprecedented security visibility and control SpiderLabs Fusion Center Our cybersecurity command center Security Operations Centers Distributed worldwide defense nodes Partners Technology Alliance Partners Key alliances who align and support our ecosystem of security offerings Trustwave PartnerOne Program Join forces with Trustwave to protect against the most advance cybersecurity threats Register Login Resources BLOGS * Trustwave Blog * SpiderLabs Blog UPCOMING * Webinars * Events MEDIA & ASSETS * Document Library * Video Library * Analyst Reports * Webinar Replays 
MODBUS 101: ONE PROTOCOL TO RULE THE OT WORLD

Victor Hanna
Jun 10, 2022

Ever wondered how large-scale power plants monitor or control the myriad of systems that fill their environment? Have you thought about how some of the world’s greatest industrial hacks were enacted? This post looks to illuminate how one tiny legacy protocol, namely "ModBus", could help to understand just how straightforward this could be.

To gain a more in-depth understanding we will be pulling apart the following things:

* ICS: Industrial Control Systems
* OT: What is Operational Technology
* Modbus: What it is and how the protocol is structured
* The Exploits: How such a protocol is susceptible to attack

ICS: INDUSTRIAL CONTROL SYSTEMS

A "control system" can be defined as a system that manages, commands, directs, or regulates the behavior of other systems. An "Industrial Control System" is simply the generic term that describes a group of integrated control systems which are used to control instrumentation within an industrial environment. These types of systems may be made up of relays, which could be used to control attached components, or of monitoring for various sources such as water pressure gauges.
In common parlance, an ICS can be compared to a symphony conductor. It is the system that directs and controls all the sub-systems, resulting in a smooth-running operation.

OT: WHAT IS OPERATIONAL TECHNOLOGY AND ITS COMPONENTS?

"Operational Technology" is the term used to describe the hardware and software used to detect or cause a change to a component of an "Industrial Control System". A common way to control such components is using a "PLC (Programmable Logic Controller)", which is simply a microprocessor-based controller that can be used to bridge the gap between the analog world (a physical relay that controls a light) and the digital world (a network interface that allows individual PLCs to be interconnected for management and control purposes).

Specific protocols have been developed to control these interconnected PLCs. One of these, named ModBus, has become the de facto open standard commonly used to connect diverse ICSs over an Ethernet structure.

WHAT IS MODBUS AND HOW IS THE PROTOCOL STRUCTURED?

Modbus has been around for many years. It was initially developed in 1968 and released into the market in 1979 by Modicon, now Schneider Electric, as a protocol designed to replace hard-wired relay systems. Modbus is now an open standard and a widely used communications protocol that allows for the monitoring and controlling of individual PLCs within an ICS.

HOW DOES MODBUS WORK?

ModBus has become the de facto standard, truly open and the most widely used network protocol in the industrial manufacturing environment. It has been implemented by hundreds of vendors on thousands of different devices to transfer discrete/analog I/O and register data between control devices. It is a lingua franca, or common denominator, between different manufacturers.

The ModBus protocol functions as a method to share messages amongst a group of interconnected devices.
This messaging mechanism is used by each device to share information with the others, typically over a common physical medium type. The physical medium in use may vary across the industry. The choice of medium commonly depends on the type of device in use; that is to say, not all devices share a standard physical interconnection type, and ModBus provides a way to bridge this gap. This bridging is why ModBus has widespread appeal and hence its broad usage.

The ModBus protocol itself comes in many flavors. These varying flavors exist to facilitate the diversity in physical medium types in use across the industry. In a generic sense the protocol uses a Client/Server architecture, where each device is assigned a unique identifier. Using this architecture, a client will typically communicate with one or more listening server devices using the unique identifier as reference. The client in this case will send ModBus requests and commands, which direct the server devices to execute a native command.

The following section expands on the two main flavors that are commonly found in use across the industry.

MODBUS FLAVORS

The ModBus protocol comes in two main variants or flavors. These flavors specifically cater to the two main types of mediums or physical communications interfaces, namely Serial or Ethernet. We will describe both in this post; however, Ethernet will be our primary focus, especially when describing "The Exploits" in a later section.

1. ModBusRTU (Remote Terminal Unit)

* This protocol/flavor is used with serial communications, where an RTU may be deployed and physically connected via an RS-485, RS-422 or RS-232 connection.
* This protocol and physical connection strategy caters for devices that do not possess Ethernet capabilities.
* In this protocol, direct physical connections are made either between two directly connected devices (Client/Server), or alternatively using a 'multi-drop' environment, where an RS-485 (long-range serial) connection is made from a client and then daisy chained to attach multiple server devices.
* In this environment communication is always initiated from the client, and CRC checks are conducted in order to ensure the integrity of the message flows.
* RS-485 uses a physical DB-9 connector type.

[Figure: ModBus Daisy Chain]
[Figure: DB-9 Connector Type]

2. ModBusTCP

* This protocol/flavor is used to communicate ModBus over Ethernet networks which are using TCP/IP.
* The ModBus service typically runs over port 502/tcp in clear text.
* Unlike the ModBusRTU variant, ModBusTCP DOES NOT utilize a CRC, as this functionality is already built into the Ethernet protocol itself.
* RJ45 connectors are the typical physical connectors used with this protocol.

[Figure: ModBusTCP Typical Setup]

THE ANATOMY OF A MODBUS FRAME

At a 30,000 foot view the ModBus frame or MBAP (ModBus Application Protocol Header) looks something like this:

However, a closer look at a ModBus frame appears like this:

Now, if we were to populate the frame with data it may start resembling something like this:

000000000006FF0600020f0f

Given that most of us don't speak native HEX, I have broken things down even further in a more digestible format below:

0000 0000 0006 FF 06 00020f0f
<2-byte Transaction ID>|<2-byte Protocol ID>|<2-byte length>|<1-byte Unit ID>|<1-byte function code>|<Data for response or commands>

The static portion of the frame, i.e., the first seven bytes, remains mostly unchanged between transactions. Where it starts to become a little more dynamic is in the last section of the frame, which starts from the 1-byte function code onwards. This section provides the server with information about how it should respond.
This response may also require the PLC to execute a low-level function, e.g., switching of a relay.

The following table illustrates the available function codes. Function codes are simply commands sent from a client to a server that instruct the server to do something useful.

[Table: Function Codes]

Referring to our example, the function code in use is '06', which as we can see is the code for the 'Write Single Holding Register' function. If we break down this specific function code, we will understand its requirements and format.

[Figure: Function Code ‘06’]

As seen, the function code '06' uses two 2-byte fields for its request. The first, corresponding to '0002', is the address to be written to. The second, corresponding to '0f0f', is the value to be written.

A register simply refers to an address location in memory. In our case this address location will be '40002'. The reason that this value is 40002 and not 0002 is that the output holding register (the register that will be monitored for change) starts off at offset memory location '40000'. So, in our case, we have instructed address location 40002 to be populated with a two-byte value of '0f0f'.

[Figure: Write Holding Registers]

When an output holding register is changed, the on-board controller, after monitoring its new value, will act upon the value found in the register. This may correspond to either an ON or OFF, for example.

THE EXPLOIT: HOW SUCH A PROTOCOL IS SUSCEPTIBLE TO ATTACK

Now that we have the theory behind us, let’s look at some of the main reasons that this type of protocol is susceptible to attack. Some of the ModBus protocol weaknesses include:

1. A lack of required authentication for requests
2. A lack of encryption of traffic
3. A lack of anti-replay defences

An attacker taking advantage of these deficiencies can chain them together, ultimately leading to control of the devices.
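
Because the protocol carries no authentication, a passive monitor can only judge a write by the frame contents and by who sent it. The following is an added example, not code from the original post: it parses the frame layout described under THE ANATOMY OF A MODBUS FRAME and flags state-changing function codes from clients outside an allowlist. The IP addresses, the allowlist, every sample capture other than the post's own frame, and the assumption of one complete frame per capture record are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# State-changing function codes from the public Modbus specification.
WRITE_FUNCTION_CODES = {
    0x05: "Write Single Coil",
    0x06: "Write Single Holding Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Holding Registers",
}


@dataclass
class ModbusTcpFrame:
    transaction_id: int
    protocol_id: int
    length: int
    unit_id: int
    function_code: int
    data: bytes


def parse_frame(raw: bytes) -> ModbusTcpFrame:
    """Split one Modbus/TCP frame into the fields of the breakdown above."""
    if len(raw) < 8:
        raise ValueError("shorter than 7-byte header plus function code")
    tid, pid, length, unit_id = struct.unpack(">HHHB", raw[:7])
    if pid != 0:
        raise ValueError("protocol ID is not 0x0000")
    # The length field counts everything after itself:
    # unit ID + function code + data.
    if length != len(raw) - 6:
        raise ValueError("length field does not match frame size")
    return ModbusTcpFrame(tid, pid, length, unit_id, raw[7], raw[8:])


def describe_write(frame: ModbusTcpFrame):
    """Return a summary for write requests, or None for anything else."""
    name = WRITE_FUNCTION_CODES.get(frame.function_code)
    if name is None:
        return None
    if frame.function_code == 0x06 and len(frame.data) == 4:
        address, value = struct.unpack(">HH", frame.data)
        return f"{name}: address 0x{address:04x} <- value 0x{value:04x}"
    return name


def flag_unauthorized_writes(captures, authorized_clients):
    """captures: iterable of (source IP, raw frame bytes) from a sensor."""
    alerts = []
    for src_ip, raw in captures:
        try:
            frame = parse_frame(raw)
        except ValueError as exc:
            alerts.append((src_ip, f"malformed frame: {exc}"))
            continue
        summary = describe_write(frame)
        if summary and src_ip not in authorized_clients:
            alerts.append((src_ip, summary))
    return alerts


# Constructed sample data (documentation-range IPs, hypothetical allowlist).
AUTHORIZED_CLIENTS = {"192.0.2.10"}
SAMPLE_CAPTURES = [
    # The post's example frame, sent by the authorized client.
    ("192.0.2.10", bytes.fromhex("000000000006FF0600020f0f")),
    # A read request (function code 03) from an unknown host: not a write.
    ("192.0.2.77", bytes.fromhex("000100000006FF0300000002")),
    # The same bytes as the first frame, arriving from an unknown host.
    ("192.0.2.77", bytes.fromhex("000000000006FF0600020f0f")),
    # A truncated frame whose length field promises more data than exists.
    ("192.0.2.77", bytes.fromhex("000000000006FF06")),
]

if __name__ == "__main__":
    for src, message in flag_unauthorized_writes(SAMPLE_CAPTURES, AUTHORIZED_CLIENTS):
        print(src, message)
```

The third capture is byte-for-byte identical to the first, so only the source address separates it from legitimate traffic; a monitor of this kind therefore depends on knowing which hosts are expected to issue writes.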

ATTACK CHAIN

1. Sniffing of unencrypted traffic over the wire
2. Replaying of the attack using a custom exploit to fully take over and control the end device.

Practical Example

This particular practical example uses a ModBus-enabled device. This device is used to control two physical relays, which in this instance are connected to a strobe light. This strobe light could easily be substituted for a door controller or a myriad of other potential target devices.

This example shows how an attacker can:

* Capture a clear-text ModBus command, originally destined for a target device, through the use of simple sniffing techniques.
* Use this captured data to fully take over the target device using a weaponized custom exploit.

CONCLUSION

The main goal for this post was to showcase the under-the-hood workings of what makes an OT environment tick. ModBus and various other protocols are often at the heart of many OT environments and as such place many ICSs at risk of compromise. The underlying weaknesses described in this post are often not considered in advance due to a number of reasons, some of which may include:

* The “interoperability” aspect taking precedence over the “security” aspect. In this instance it may become more impactful to interrupt a functioning OT environment than to fully realize the security uplift itself.
* The OT environment itself may consist of many legacy devices that may themselves not be upgradeable to utilize secure standards such as ‘Secure ModBus’. Secure ModBus at its core uses Ethernet as its common physical medium, TCP/IP as transport and Certificate Based Authentication to both secure traffic flows and to provide mutual authentication between server and client.
* An organization's genuine naivety with respect to the lack of security in such a protocol.

RECOMMENDATIONS

* Regular penetration testing regime: Partnering with a skilled consultancy which, through regular penetration testing and assessment, can provide insight into the resilience of an organization's OT environment.
* Consider the use and potential uplifting of an OT environment towards a more secure protocol usage, such as “Secure ModBus” as described above.
* Ensure that the facility which services the OT environment uses a defence in depth model. This implies the usage of security at each layer of the OT environment's ecosystem. Some examples may include, but are not limited to, the use of security appliances such as IDSs and firewalls, and the adequate usage of physical access control systems to ward off internal threat actors by limiting/restricting access to OT end systems.

REFERENCES

* https://en.wikipedia.org/wiki/Modbus#Protocol_versions
* https://www.modbus.org/
* https://www.ni.com/en-au/innovations/white-papers/14/the-modbus-protocol-in-depth.html